Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-TTL
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-ESI
X-DataDome
X-Powered-CMS
X-Vname
Charset
X-PC
X-TtlSet
X-Dns-Prefetch-Control
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
X-ORACLE-DMS-RID
Content-MD5
X-Version
X-F-Cache
X-Exp-Variant
X-Geo-Segment
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
Verso
MS-Author-Via
X-Client-IP
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
AR-ATIME
AR-PoweredBy
X-Fastly-Request-ID
X-Trace
X-T
AR-CACHE
DynaTrace
Paypal-Debug-Id
X-Upstream
X-Varnish-Age
X-Hits
X-Forwarded-Proto
X-Grace
TCN
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Pad
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Kinsta-Cache
X-FastCGI-Cache
Access-Control-Request-Method
X-IPLB-Instance
X-Cache-Hit
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
X-Logged-In
X-B
AR-SID
X-HW
X-Goog-Generation
X-Server-ID
X-Goog-Storage-Class
X-HeyJason
X-Goog-Stored-Content-Encoding
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
S
X-NewRelic-App-Data
X-Ser
Service-Worker-Allowed
X-Wix-Server-Artifact-Id
X-MSEdge-Ref
X-XRDS-Location
X-Cache-Key
Server-Name
Tracecode
X-PressLabs-Stats
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-Frontend
X-Country-Code-Real
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Oneagent-Js-Injection
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
X-Oracle-Dms-Rid
Fastly-Restarts
Eomportal-Instance
Alternate-Protocol
X-Cache-Rule
X-GUploader-UploadID
Cleartype
Cache-Status
X-Analytics
Backend-Timing
X-Srv
Host
X-Accel-Buffering
X-RateLimit-Remaining
TP-L2-Cache
TP-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Rid
X-Revision
X-Whom
Public-Key-Pins-Report-Only
X-XRDS-LOCATION
FilterID
X-FTR-Cache-Host
X-VCache
X-User-Agent
X-Debug-Info
X-Akam-SW-Version
X-Ttl
ServerID
X-TA-CDN-Provider
X-AOL-HN
X-Varnish-Backend
X-NWS-LOG-UUID
X-Cache-2
Front-End-Https
X-Mobile
X-Via-JSL
Accept-Charset
X-Content-Powered-By
X-Webkit-CSP
X-Request-Processing-Time
X-Request-Received
X-Cdn
X-Zen-Fury
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-Kinja-Server-Push
X-Cached-By
Viewport
X-Node-Name
X-App-Environment
X-LB-Cache
X-B3-Traceid
X-Cluster
X-Page-Id
X-Tumblr-User
X-Varnish-Hostname
Host-Header
X-Magnolia-Registration
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Akamai-Edgescape
Liferay-Portal
X-Framework
X-Handled-By
X-Cache-Control
X-TT
X-Request-Guid
X-Device-Type
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Signature
X-B3-Sampled
X-Platform-Server
Upgrade-Insecure-Requests
X-B-Cache
DC
X-Instance
Cache-Tag
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Amzn-Trace-Id
X-Sol
X-Middleton-Display
Display
Source
X-APP-VERSION
Retry-After
X-Accel-Expires
X-WA-Info
X-Varnish-Server
X-Servedby
X-Contextid
X-Fastcgi-Cache
HitInfo
Server-Info
HitType
X-Distil-CS
X-Iejgwucgyu
X-Cache-Action
X-Cache-Operation
X-Wix-Request-Id
Content-Script-Type
X-Seen-By
Content-Style-Type
Webserver
X-Amz-Replication-Status
X-GeoIP
X-Port
X-Tumblr-Pixel-2
X-RequestSource
User-Agent
X-S
X-Tumblr-Pixel-1
GEO-INFO
X-Locale
X-Status
X-Jobs
X-WebKit-CSP-Report-Only
X-Edge-Location
Actual-Object-TTL
X-Generated-By
X-FW-Server
X-Edge-Cache-Key
X-FW-Type
X-FW-Hash
X-FW-Static
X-UUID
X-FW-Serve
X-Edge-Cache
X-Response-Served-From
AsisCache
X-Region
X-TX-ID
ServedBy
SRV
X-Adobe-Content
Healthy
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Geo-Country
X-Varnish-Hits
X-Hyper-Cache
X-Litespeed-Cache
Refresh
X-ATG-Version
X-Yottaa-Metrics
X-Daa-Tunnel
X-Yottaa-Optimizations
X-DataStream-Cache-Status
X-Cache-Age
X-Cache-NE
X-Middleton-Response
Response
X-Cache-TTL-Remaining
X-Varnish-Grace
IBM-Web2-Location
S-Cnection
Payment
Filters
X-Esi
X-Amz-Server-Side-Encryption
X-CDN-Forward
X-Content-Type
NGB
X-Az
Datacenter
X-AppVersion
X-Activity-Id
X-Proxied
X-Newrelic-App-Data
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
X-UA
X-Vg-Webcache
Country
X-Cacheable-TTL
X-Cache-Remote
X-Cache-TTL
X-App-Server
Served-By
Edge-Cache-Tag
X-HS-Cache-Config
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-IP
X-Mode
X-Sucuri-ID
X-Akamai-Transformed
X-ProcessESI
X-Rendered-As
X-RN-RSRV
X-RemovedCookies
X-Detected-As
X-Cache-Var
X-Cache-Var-Map
X-Unique-ID
X-Is-Bot
Meta-Geo
Machine
X-HS-Combine-CSS
Load-Balancing
X-FC-Vary-Parameters
Pagespeed
X-Rule
X-Rocket-Nginx-Bypass
X-RateLimit-Limit
X-Proxy
X-Hosted-By
X-PCL
X-Cache-Category-Id
X-Origin-Hint
X-ProxyCache-Key
X-ProxyCache-Status
X-Origin
X-BYPASS-REASON
X-Amz-Meta-Surrogate-Control
TWC-Privacy
User-Cache-Control
TWC-Locale-Group
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
X-OCL
Mn-Server-Ip
Property-Id
X-Grey
DB-Nickname
Access-Control-Allow-Method
Backend
X-Human
TWC-Connection-Speed
X-ServerID
TWC-GeoIP-Country
X-Tb
X-Varnish-Cacheable
TWC-Device-Class
X-Varnish-Cache-Hits
Cache-Name
AR-Request-ID
X-BB-IP
X-Access
X-CDN-Cache
ServerName
X-Debug-Cache
X-EIG-Tracking-Id
S-Rt
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Now
L5d-Success-Class
Powered-By-ChinaCache
X-Generated
X-Section
X-Routing-Service
X-Site-Version
X-TNCMS
X-Zipkin-Id
X-Upgrade-Enabled
X-OVcl-Cache
X-Original-Request
X-Hit
Azure-InstanceId
X-JoinUs
X-Loop
X-NodeID
X-Format
X-OVcl
X-PERF
X-Ruxit-Js-Agent
X-NGENIX-Cache
X-Agile
X-Proxy-Build
Selected-FE
X-TWH-CORRELATION-ID
X-Timing-Wait
X-SplitTest
X-Agile-Age
X-Agile-Id
X-IP
X-Cache-Config
X-Environment-Context
X-L-Path
X-LJ-Flow-ID
X-ApacheServer
X-App-Name
X-AWS-Id
X-Via-Fastly
X-Pubstack
X-Www-Served-By
OT-Force-Account-Verify
Cache-Key
X-VWS-Id
Access-Control-Request-Headers
X-Viewer-Country
X-Drupal-Cache-Contexts
X-CCM
X-Origin-CC
X-Ocache
X-Real-IP
X-Backend-Name
Cache
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Mshield-Cache-Status
X-Upstream-HT
X-Upstream-CT
X-Nginx-Cache
X-Mrs-Cache-Hits
X-Xfnlog-Site
X-Source
Fastcgi-Useragent
X-HOST
X-Mrs-Age
X-Mrs-Cache
X-URL
HostName
X-Akamai-Request-ID
From-Origin
X-Pc-Date
X-Storage
X-Pc-Host
X-Vgn-Hpd-Reason
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Correlation-ID
X-Forwarded-Host
Fastly-SSL
X-NCache
X-Time-Microsecs
X-Internal-Host
X-M-Log
X-Qnm-Cache
X-M-Reqid
LB
X-Feature
X-NC
X-Ms-Version
X-Varnish-Beresp-Grace
X-Ms-Request-Id
X-Varnish-Beresp-Status
NtCoent-Length
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Birta-Served
X-Distributor
X-Release
X-Birta-Cache-Post
X-Labrador-Cache-Channel
X-Microcachable
X-UA-Device-Type
X-VG-TLSProxy
XServer
X-EdgeConnect-Cache-Status
Pagetype
X-Webkit-Csp
X-Cache-Backend
X-Twitter-Response-Tags
X-Transaction
X-Connection-Hash
Time
X-B3-Spanid
WZWS-RAY
X-Powered-By-ANYU
ViewerVersion
Frame-Options
X-D
X-CUA
Xc-Version
X-Rewrite-Enabled
X-Date
X-SRCache-Key
X-Rojux
X-Developer
X-Server-By
X-Server-Time
X-SIPLIST1
X-S-Cookie
X-Destination
X-Died
X-ScT
X-Accel-Expires-Debug
X-A-Wwc
Ajk
X-Application
X-ARC
X-A-Dgt
X-A-Dcw
Www
X-A
X-A-Ccd
X-A-Dam
X-B-Cookie
X-BB-ID
X-Request-UUID
V-Age
T-Server
Arc-Country
X-CF-Lambda-Version
X-CF-Lambda-Fn
AKAMAI
X-Cache-Bucket
VivaBuild
Viewtype
Cneonction
X-Redis-Cache
X-Generation-Time
X-Region-Sid
NGX
Fly-Cache
X-Generated-In
X-UE-Client-Country
X-G
Mobile-Detection-Method
X-Org
X-NU-AKA-ACS-Version
Ec-Rule-Version
X-Irp-Debug
X-C
X-IN-WAF
IsBot
X-No-Session
X-Logtrace-Id
X-IN-SSL-APIGATEWAY
X-From
Fly-Request-Id
X-Via-CDN
BehaviorPad-Version
X-PAYTM-SRV-ID
MD5-Digest
X-Via-SSL
X-Via-Edge
X-DPWN-IS-SECURE
Cache-Prefix
X-Trv-Group
Meta-Geo-Continent
X-IN-APIGATEWAY
Rendered-Blocks
X-VG-WebServer
X-WebServer
Server-Int
X-Dispatcher-Server
MIME-Version
X-Web-Node
X-Sucuri-Cache
X-PHP-Backend
X-NWS-UUID-VERIFY
X-GZip
X-SERVER-NAME
X-Request-Time
X-Cluster-Node
X-FireWall-Port
X-Instance-Name
NodeID
HA-Geolat
HA-Ipaddr
Release
HA-Host
Ha-Gx-Prefs
HA-Geolon
HA-Georegion
SN
Pragrma
HA-Servedtime
HA-Urlpath
Origin-Cache-Control
Web-Mar-Node
Origin-Edge-Control
Magicmarker
X-We-Are-Hiring
X-Key
X-UnsetCookies
X-Layer
X-Varnish-Action
X-VCT
X-VServer
X-Hnp-Log
X-Node-Id
X-Origin-TTL
X-RateLimit-Remaining-Second
X-Store
X-S-Maxage
X-RateLimit-Limit-Second
X-Platform
X-Owner
X-Phone
X-Hl-Ver
X-Hash
X-Core-Value
X-Crawler
X-CS
X-CGP
X-Cache-Enabled
X-Block-Status
X-Cache-CFC
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Gen-Mode
HA-Geocountry
X-GeoIP-City
X-Fastly-Cache
X-F5-Cache
X-Eu-Site
X-External-Request-Id
X-Amz-Meta-Cache-Control
Server-Host
Backend-Name
Country-Code
GMS-Ver
HA-Cloudapp
HA-Geocity
X-V
X-Webstats-RespID
CACHE
X-App-Version
X-Response-By
X-Passed-To
X-Cache-URL
X-Cdn-Srv
X-Returned-From
X-Backend-Url
X-Returned-From-BeforeDispatch
X-Cache-Expires
X-Cache-Srv
X-Returned-From-DLL
X-Backend-Host
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Powered
X-Policy
Adler-Geo
REQUESTUUID
X-Shopify-Stage
X-ShopId
X-Returned-From-PostProcessResponse
X-Backend-State
X-Passed-To-BeforeDispatch
X-Alternate-Cache-Key
X-Secret
X-Actual-URL
X-Backend-TTL
X-Variation
X-Stale
X-FW-Version
X-Fetched-On
X-MI-In-Market
X-Swa-Ws
X-MSEdge-Features
X-Gannett-Site-Version
X-Sf
X-Server-IP
X-HTML-Minification-Powered-By
X-Location
X-Matched-Rule
X-GeoIP-Country-Code
X-Thinkindot-L3
X-Epic-Correlation-Id
X-Var-Ttl
X-Up
X-Croise-Owner
Apple-News-Services-Handled
X-Clientip
X-Core-Mission
X-Debug-Cookies
X-Debug-Log
X-Tumblr-Pixel-3
X-TT-LOGID
X-MSEdge-Flight
X-Developers
X-Nginx-Cache-Key
X-NX-Host
X-ShardId
Platform
Origin
Odigeo-Trace-Id
Countrycode
Proxy-Connection
Request-Country
Section-Io-Cache
X-Passed-To-PostProcessResponse
Request-EU
MI-Cache-Age
MI-Cache
Heartbleed
X-RCS-CacheZone
X-Reboot
Host-ID
Is-Eu
MI-API
Esi-Enabled
Kp-EeAlive
CDCHOST
X-Request-URI
Thinkindot-Control
Thinkindot-CacheControl-Type
Uber-Trace-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Passed-To-DLL
Apple-News-Services-Request-Url
Thinkindot-CacheControl
X-Dc
Decoy-Debug-Key
Server-ID
HTTPS
X-Device-Os
X-Servername
X-Fstrz
On-Server
True-Client-Country-4JS
Resin-Trace
RNT-Machine
RNT-Time
X-ServiceProvider
X-Trace-Id
X-ElasticPress-Search
Decoy-Debug-Status
Decoy-Debug-TTL
Fastly-Backend-Name
Content-Disposition
Sid
X-Cdn-Origin
X-Worker
X-Cache-Host
Cache-Tags
X-Ckpd-Fst-Backend
X-Alicdn-Da-Ups-Status
X-Content-Age
X-Sn-Servicetimems
X-Ezoic-Cdn
ProcessTime
PFcat
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Skip-Cache
Fastly-SWR
Request-Time
X-Endurance-Cache-Level
Warning
Xserver
X-TIME
X-Varnish-Beresp-Ttl
X-Pf-Uncompressing
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Real-Ip
RequestId
X-CACHE-AGE
Cache-Cookie-Set-Idcheck
Cteonnt-Length
X-Csrf-Token
Ar-Sid
CF-IPCountry
X-Ua
X-Proto
X-Newrelic-Synthetics
X-Surge-Debug
We-Hiring
Mail-Subject
X-Req
X-Refresh
WP-Super-Cache
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
CDN
X-Servedbyhost
PageSpeed
X-Pjax-Url
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Guploader-Uploadid
X-Nc
X-Aed
X-B3-TraceId
X-GEO
X-Varnish-Beresp-TTL
Hostname
Pramga
Dnion-Transfer-Encoding
X-Cache-ASPX
X-CSRF-Token
X-Geo
X-Varnish-Ttl
X-GoCache-CacheStatus
X-Edge-IP
Geoip-Latitude
GeoIp-Country-Code
TSSecure
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-COUNTRY
X-Server-W
X-Ms-Lease-State
X-Time
X-Hello
X-DataStream-MidMile-RTT
X-ABtesting
X-Page-Type
X-DataStream-Origin-MEX-Latency
X-Flog
NODE
X-DC
X-Oracle-Dms-Ecid
NnCoection
X-WA
X-Aicache-OS
X-Origin-Date
X-Amz-Cf-Pop
X-Origin-Expires
MS-CV
X-HCF
X-Auto-Login
X-Varnish-Url
X-Cache-Control-Set-By
A
Lfy
Cdn
X-Varnish-HitMiss
X-Akamai-Request-ID2
SD-X-WS
X-Datadome
X-GRACE
FSS-Proxy
FSS-Cache
Mime-Version
X-Cdn-Forward
X-Server-Group
WWW-Authenticate
Processtime
X-Ratelimit-Limit
Node
X-Varnish-URL
X-Unique-Id
Geoip-City
Rt-Proxy-Cache
X-Sentry-ID
X-Via-NSCOPI
X-Check-Cacheable
X-Wa
PICS-Label
X-EC-Security-Audit
X-PAGE-TYPE
X-Wix-Route-ID
X-UPSTREAM-Address
PageType
X-Use-Magma
X-Thanos
Memcached
X-Served-From
X-Cache-Id
X-Bip
X-APP
X-From-Cache
X-Nananana
X-NODE
Ms-Operation-Id
X-Cache-Info
X-Gdpr
Cdn-Host
X-Be
Lb
X-SRV
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-MP-GENERATED-AT
Cdn-Request-Time
X-RTag
X-Edge-Server
X-Request-Start
Dont-Set-Cookie
X-Cookie
X-CACHE-KEY
X-Proxy-Server
X-Gen-Id
Memory
COMMERCE-SERVER-SOFTWARE
X-Fastly-Cache-Hits
X-GDPR
X-Fastly-Backend-Reqs
X-WR-MODIFICATION
X-Load-Cache
X-Dynatrace-Js-Agent
DataCenter
X-Cache-HT
GW-Server
X-FORWARDED-FOR
X-Env
UCS
Get-Access-Time
X-Optimization
Is-Session-Tracking
X-Swift-Error
Who
X-User
X-PJAX-URL
X-HS-Status
Pics-Label
X-ServedByHost
X-B3-SpanId
X-Ver
Cache-Hits
X-Cache-FS-Status
X-Cache-Ttl
V-Cache
X-RateLimit-Reset
Group
Ws
X-Ibm-Trace
Cf-Ipcountry
Accept-Language
URI
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fe
X-Dw-Trace-Id
X-CDN-Pop
X-CDN-Pop-IP
X-Meta-Tbi-Cache-Vertical
Amp-Access-Control-Allow-Source-Origin
X-ID
Requestid
X-SB
X-Bug-Bounty
NX-Cache
Xet-Cookie
X-VC
AGE-Hash
X-Shard
X-Content-Encoded-By
X-Cache-Debug
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-PF-Uncompressing
X-LI-UUID
X-BBXSRF
Locale
Httpd-Identifier
X-GZIP
X-Urbn-Context-Path
X-Urbn-Site-Id
X-NGINX-Cache
Serverid
Powered-By
X-SVT-ORM-VERSION
N-Cache
X-Info
X-Ratelimit-Remaining
X-SVT-ORM-RULES
X-CacheKey
CDN-Node
X-Wix-Petri-Ex
CDN-Cache-Hit
CDN-Cache
X-Varnish-Info
X-Serial
Version
Ohc-File-Size
X-Flags
X-Litespeed-Cache-Control
X-RequestId
X-StackifyID
X-Cache-Handler
X-Is-Crawler
X-Providence-Cookie
X-Akamai-ERRuleID
Https
X-Akamai-ERPolicy
X-ServerName
X-Route-Name
X-Grace-Duration